;; Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
;;
;; This file is free software; you can redistribute it and/or modify it
;; under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 3 of the License, or (at
;; your option) any later version.
;;
;; You should have received a copy of the GNU General Public License
;; along with this file.  If not, see <http://www.gnu.org/licenses/>.

(define-module (mumble-vm-system)
  #:use-module (gnu)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages dns)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages ssh)
  #:use-module (gnu services admin)
  #:use-module (gnu services ssh)
  #:export (mumble-vm-operating-system))

(define-public %nginx-deploy-hook
  (program-file
   "nginx-deploy-hook"
   #~(let
         ((nginx-pid (call-with-input-file "/var/run/nginx/pid" read))
          (mumble-server-pid
           (call-with-input-file
               "/var/run/mumble-server/mumble-server.pid" read)))
       ((lambda _
          (kill nginx-pid SIGHUP)
          (kill mumble-server-pid SIGUSR1))))))

(define mumble-vm-operating-system
  (operating-system
   (bootloader (bootloader-configuration
                (bootloader grub-minimal-bootloader)
                (targets '("/dev/vda"))))
   ;; TODO: Does Mumble have some data? Is BTRFS safer than using ext4
   ;; without doing many fsck?
   (file-systems (cons (file-system
                        (device (file-system-label "Guix_image"))
                        (mount-point "/")
                        (type "ext4")) %base-file-systems))
   (host-name "mumble-vm")
   (timezone "Europe/Paris")
   (packages
    (append
     (list htop
           iftop
           `(,isc-bind "utils")
           net-tools
           nmon
           openssh-sans-x)
     %base-packages))
   (services
    (append
     (list
      ;; Networking
      (service
       static-networking-service-type
       (list
        (static-networking
         (addresses (list (network-address
                           (device "eth0")
                           (value "192.168.10.37/24"))))
         (routes (list (network-route
                        (destination "default")
                        (gateway "192.168.10.1"))))
         (name-servers '("192.168.10.1")))))
      ;; OpenSSH
      (service openssh-service-type
               (openssh-configuration
                (openssh openssh-sans-x)
                (use-pam? #f)
                (port-number 222)
                (permit-root-login #t)
                (password-authentication? #f)
                (challenge-response-authentication? #f)
                (authorized-keys
                 `(("root" , (local-file "id_ed25519.pub"))
                   ("gnutoo" ,(local-file "id_ed25519.pub"))))))
      ;; Unattended Upgrades
      (service unattended-upgrade-service-type))
     (modify-services
      %base-services
      (guix-service-type config => (guix-configuration
                                    (authorized-keys
                                     (append
                                      (list
                                       (local-file
                                        "signing-key.pub"))
                                      %default-authorized-guix-keys)))))))))
mumble-vm-operating-system